Export limit exceeded: 363715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5575 1 Metaphorcreations 1 Ditty 2025-05-13 4.7 Medium
The Ditty WordPress plugin before 3.1.43 does not sanitise and escape some of its blocks' settings, which could allow high privilege users such as authors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-5627 1 Tournamatch 1 Tournamatch 2025-05-13 5.4 Medium
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks.
CVE-2025-22144 1 Namelessmc 1 Nameless 2025-05-13 9.8 Critical
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-5644 1 Tournamatch 1 Tournamatch 2025-05-13 5.4 Medium
The Tournamatch WordPress plugin before 4.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2025-29784 1 Namelessmc 1 Nameless 2025-05-13 7.5 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0.
CVE-2025-30158 1 Namelessmc 1 Nameless 2025-05-13 7.1 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.
CVE-2025-30357 1 Namelessmc 1 Nameless 2025-05-13 7.3 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deletes the malicious user's account, all their posts (comments) along with the associated topics (by unrelated users) will be marked as deleted. This issue has been patched in version 2.2.0.
CVE-2024-6938 1 B3log 1 Siyuan 2025-05-13 3.5 Low
A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability.
CVE-2025-31118 1 Namelessmc 1 Nameless 2025-05-13 7.1 High
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, resulting in an uncontrolled surge of posts that can disrupt normal operations. This issue has been patched in version 2.2.0.
CVE-2024-24245 2 Canimaan, Clamxav 2 Clamxav, Clamxav 2025-05-13 7.8 High
An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.
CVE-2024-49041 1 Microsoft 1 Edge Chromium 2025-05-13 4.3 Medium
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-49063 1 Microsoft 1 Muzic 2025-05-13 8.4 High
Microsoft/Muzic Remote Code Execution Vulnerability
CVE-2025-31120 1 Namelessmc 1 Nameless 2025-05-13 5.3 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tid]) (or session variable for guests) to determine if a view should be counted. When a client does not provide the cookie, every page request increments the counter, leading to incorrect view metrics. This issue has been patched in version 2.2.0.
CVE-2025-32389 1 Namelessmc 1 Nameless 2025-05-13 6.5 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a&param[1]=b&param[2]=c` utilized by PHP, which is parsed by PHP as `$_GET['param']` being of type array. This issue has been patched in version 2.1.4.
CVE-2025-22142 1 Namelessmc 1 Nameless 2025-05-13 5.4 Medium
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2022-42218 1 Open Source Sacco Management System Project 1 Open Source Sacco Management System 2025-05-13 7.2 High
Open Source SACCO Management System v1.0 vulnerable to SQL Injection via /sacco_shield/manage_loan.php.
CVE-2022-42202 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2025-05-13 6.1 Medium
TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to Cross Site Scripting (XSS).
CVE-2022-42188 1 Lavalite 1 Lavalite 2025-05-13 7.5 High
In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
CVE-2022-42165 1 Tenda 2 Ac10, Ac10 Firmware 2025-05-13 9.8 Critical
Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-42116 1 Liferay 2 Dxp, Liferay Portal 2025-05-13 6.1 Medium
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.